Secure Global Desktop Authentication
System Authentication Mechanisms
Active Directory Authentication
How Active Directory Authentication Works
User Identity and User Profile
Setting Up Active Directory Authentication
Preparing for Active Directory Authentication
Supported Versions of Active Directory
Network Requirements for Active Directory Authentication
SSL Connections to Active Directory
Configuring SGD for Kerberos Authentication
Active Directory Password Expiry
How to Enable Active Directory Authentication
How Anonymous User Authentication Works
User Identity and User Profile
User Identity and User Profile
Setting Up LDAP Authentication
Preparing for LDAP Authentication
Network Requirements for LDAP Authentication
LDAP Bind DN and Password Change
Authentication to Novell eDirectory
How to Enable LDAP Authentication
How SecurID Authentication Works
User Identity and User Profile
Setting Up SecurID Authentication
Configuring SGD Servers as Agent Hosts
How to Configure an SGD Server as an Agent Host
How to Enable SecurID Authentication
How Third-Party Authentication Works
User Identity and User Profile
User Identity and User Profile
Use Default Third-Party Identity
User Identity and User Profile
Setting Up Third-Party Authentication
How to Enable Third-Party Authentication
SGD Administrators and Third-Party Authentication
Trusted Users and Third-Party Authentication
Information for Application Developers
How to Create a New Trusted User
How UNIX System Authentication Works
Search Unix User ID in Local Repository
User Identity and User Profile
Search Unix Group ID in Local Repository
User Identity and User Profile
User Identity and User Profile
UNIX System Authentication and PAM
How to Enable UNIX System Authentication
How Windows Domain Authentication Works
User Identity and User Profile
How to Enable Windows Domain Authentication
Passwords, Domains, and Domain Controllers
How to Specify a Domain Controller on a Different Subnet
Tuning Directory Services for Authentication
Filtering LDAP or Active Directory Logins
How to Configure a User Login Filter
How to Configure the Group Login Filter
How to Create an Active Directory Service Object
How to Create an LDAP Service Object
Search Only the Global Catalog
Active Directory Authentication and LDAP Discovery
Troubleshooting Secure Global Desktop Authentication
Setting Log Filters for Authentication Problems
Denying Users Access to SGD After Failed Login Attempts
How to Enable the Login Failure Handler
How to Change the Number of Login Attempts
Users Cannot Log In to Any SGD Server
Using Shared Accounts for Guest Users
How to Share a User Profile Between Users
Solaris OS Users Cannot Log in When Security is Enabled
An Ambiguous User Name Dialog Is Displayed When a User Tries to Log in
3. Publishing Applications to Users
7. SGD Servers, Arrays, and Load Balancing
B. Secure Global Desktop Server Settings
Anonymous user authentication enables users to log in to SGD without using a user name and password.
As users are anonymous, SGD assigns each anonymous user a temporary user identity. The user identity is only effective while the user is logged in.
Anonymous user authentication is disabled by default.
This section includes the following topics:
At the SGD login screen, the user clicks the Log In button, leaving the user name and password blank.
If the user types a user name or a password, the authentication fails and the next authentication mechanism is tried.
If both the user name and the password are blank, the user is authenticated and is logged in.
As the user does not supply a user name or password when they log in, SGD assigns a temporary user identity. In the SGD datastore, the user identity is in the DNS namespace. In the Administration Console, the user identity is displayed as server:number (anon). On the command line, the user identity is displayed as .../_dns/server/_anon/number.
The profile object System Objects/Anonymous Profile is always used for the user profile. All anonymous users receive the same webtop content.
Each user logged in anonymously has independent application sessions. The application sessions end automatically when the user logs out even if the application is configured to be always resumable.
All password cache entries belong to the System Objects/Anonymous User Profile object. All anonymous users share the same application server passwords. Anonymous users cannot add or change entries in the password cache. This means that, unless an SGD Administrator has cached application server passwords for them, anonymous users are prompted for a password every time they start an application. Use the Administration Console or the tarantella passcache command to manage application server passwords for the System Objects/Anonymous User Profile object.
Go to the Global Settings -> Secure Global Desktop Authentication tab and click the Change Secure Global Desktop Authentication button.